Category: Cyber Security
-
Microsoft-Signed Binary Used to Sneak LOTUSLITE Into India-Focused Espionage Campaign
A state-linked threat group has been caught running a quiet but carefully planned espionage operation against India’s banking sector, using a trusted Microsoft-signed file to slip malware past security defenses. The campaign delivers a new version of the LOTUSLITE backdoor through a technique known as…
-
Microsoft Emergency .NET 10.0.7 Update to Patch Elevation of Privilege Vulnerability
Microsoft has issued an emergency out-of-band (OOB) security update for .NET 10, releasing version 10.0.7 on April 21, 2026, to address a critical elevation of privilege vulnerability discovered in the Microsoft.AspNetCore.DataProtection NuGet package. The out-of-band release was prompted after customers began reporting decryption failures…
-
Claude Code, Gemini CLI, and GitHub Copilot Vulnerable to Prompt Injection via GitHub Comments
A critical cross-vendor vulnerability class dubbed “Comment and Control” is a new category of prompt injection attacks that weaponizes GitHub pull request titles, issue bodies, and issue comments to hijack AI coding agents and steal API keys and access tokens directly from CI/CD…
-
SideWinder Uses Fake Chrome PDF Viewer and Zimbra Clone to Steal Government Webmail Credentials
A well-known advanced persistent threat group called SideWinder has launched a highly targeted phishing campaign against South Asian government organizations, using a fake Chrome PDF viewer and a pixel-perfect clone of the Zimbra email login portal to steal employee credentials. The…
-
PoC Exploit Released for Windows Snipping Tool NTLM Hash Leak Vulnerability
A proof-of-concept (PoC) exploit has been publicly released for a newly disclosed vulnerability in Microsoft’s Snipping Tool that allows attackers to silently steal users’ Net-NTLM credential hashes by luring them to a malicious webpage. Tracked as CVE-2026-33829, the flaw resides in how Windows Snipping…
-
iTerm2 Flaw Abuses SSH Integration Escape Sequences to Turn Text Into Code Execution
Cybersecurity researchers, working in partnership with OpenAI, have uncovered a fascinating and severe vulnerability in iTerm2, a widely used macOS terminal emulator. According to Califio, the flaw abuses the application’s SSH integration feature, allowing attackers to turn seemingly harmless text output into…
-
British National Admits Hacking Companies and Stealing Millions in Virtual Currency
A British man has pleaded guilty in the United States to his role in a large cybercrime scheme that used SMS phishing, company network intrusions, and SIM swapping to steal at least $1 million in virtual currency from victims across the country. Tyler Robert…
-
Public Notion Pages Leaks Profile Photos and Email address of Editors
Notion, a popular productivity and collaboration platform, is under significant scrutiny from the cybersecurity community. Security researchers have revealed that public Notion pages silently expose the personally identifiable information (PII) of anyone who has ever edited them. This data leak includes full names, email…
-
NIST Shifts to Risk-Based NVD Model as CVE Submissions Surge 263% Since 2020
The National Institute of Standards and Technology (NIST) has officially updated how it processes vulnerabilities in the National Vulnerability Database (NVD). According to an April 15, 2026 announcement, NIST is abandoning its comprehensive analysis approach in favor of a targeted, risk-based model.…
-
Google Uses Gemini AI to Stop Malicious Ads From Threat Actors – 8.3 billion ads Blocked
Threat actors are increasingly leveraging generative AI to launch sophisticated advertising scams at an unprecedented scale. In response, Google has integrated its advanced Gemini AI models into its security infrastructure to neutralize these threats actively. According to Google’s newly…
-
Hackers Use CVE-2024-3721 to Infect TBK DVRs With Nexcorium DDoS Malware
A newly identified botnet campaign is actively exploiting a critical flaw in TBK digital video recorders to deploy a dangerous piece of malware known as Nexcorium, a Mirai-based threat built to launch large-scale distributed denial-of-service attacks. The vulnerability at the center of this campaign,…
-
Critical Vulnerability In Flowise Allows Remote Command Execution Via MCP Adapters
A critical vulnerability in Flowise and multiple AI frameworks has been discovered by OX Security, exposing millions of users to remote code execution (RCE). The flaw stems from the Model Context Protocol (MCP), a widely used communication standard for AI agents developed by Anthropic.…
-
OpenAI Expands Cyber Defense Program With GPT-5.4-Cyber Access for Trusted Organizations
OpenAI has officially launched the expanded phase of its Trusted Access for Cyber program, granting select organizations access to its specialized GPT-5.4-Cyber model to strengthen digital defenses across critical infrastructure, financial services, and open-source security communities. The program operates on a tiered trust model advanced AI cyber capabilities…
-
Apple Works on Fix for iPhone Passcode Bug Linked to Missing Czech Keyboard Character
Apple is reportedly developing a software fix for a frustrating iOS 26 bug that has left some users entirely locked out of their iPhones for months. According to a recent report by The Register, Cupertino’s software engineers are scrambling to patch…
-
Researcher Uses Claude Opus to Build a Working Chrome Exploit Chain
Amidst the heated debate surrounding Anthropic’s recent announcement of its Mythos and Project Glasswing models, a security researcher has demonstrated the tangible cybersecurity implications of frontier AI. Moving beyond theoretical warnings, the researcher successfully utilized Claude Opus to construct a fully functional exploit chain…
-
Fiverr Allegedly Leaks User Information to Google Indexing, Researchers Say
Freelance service platform Fiverr is facing a significant privacy incident after researchers discovered that sensitive customer files are publicly accessible and indexed by Google search. According to a recent disclosure on Hacker News, an insecure file-hosting configuration has exposed personally identifiable information (PII), including completed…
-
Nexcorium-Associated Mirai Variant Uses TBK DVR Exploit to Scale Botnet Operations
A new iteration of the notorious Mirai botnet, dubbed Nexcorium, has emerged in the wild, aggressively targeting internet-connected video recording devices. According to recent threat research published by Fortinet’s FortiGuard Labs, threat actors are exploiting a known command injection vulnerability to hijack TBK DVR…
-
Nearly 6 Million Internet-Facing FTP Servers Still Exposed in 2026, Censys Warns
According to a recent April 2026 report by security researcher Himaja Motheram at Censys, just under 6 million internet-facing hosts are still running the File Transfer Protocol (FTP). While this marks a significant 40% decline from the 10.1 million servers observed in 2024,…
-
PoC Exploit Released for FortiSandbox Vulnerability that Allows Attacker to Execute Commands
A proof-of-concept (PoC) exploit has been publicly released for a critical vulnerability in Fortinet’s FortiSandbox product, tracked as CVE-2026-39808. The flaw allows an unauthenticated attacker to execute arbitrary operating system commands as root, the highest privilege level, without requiring any login credentials. The vulnerability…
-
Hackers Target TP-Link Routers With Mirai Malware in CVE-2023-33538 Exploitation Attempts
A known security flaw in several end-of-life TP-Link Wi-Fi routers is being actively targeted by hackers trying to install Mirai-based botnet malware on vulnerable devices. The vulnerability, tracked as CVE-2023-33538, affects multiple TP-Link models that no longer receive vendor updates, leaving users with no…
-
Microsoft Confirms Windows Servers Enter Reboot Loops Following April Patches
Microsoft has confirmed a critical known issue affecting Windows Server 2025 domain controllers following the deployment of the April 2026 Patch Tuesday cumulative update, KB5082063, where affected servers are entering repeated reboot loops after installation. Released on April 14, 2026, the cumulative update KB5082063 (OS…
-
Windows Snipping Tool Vulnerability Allows Attacker to Perform Spoofing Over a Network
Microsoft has addressed a moderate-severity security flaw in the Windows Snipping Tool that could allow malicious actors to steal user credentials. Tracked as CVE-2026-33829, this spoofing vulnerability was officially patched during the April 14, 2026, security updates. Discovered and reported by security researchers…
-
One-Click RCE in Azure Windows Admin Center Allow Attacker to Execute Arbitrary Commands
Windows Admin Center is a locally deployed, browser-based management tool used by IT administrators to manage Windows servers, clients, and clusters from a centralized graphical interface. This newly discovered critical flaw, identified by Cymulate Research Labs, allows attackers to achieve unauthenticated, one-click…
-
Hackers Target Israeli Desalination Plants With ZionSiphon Sabotage Malware
A newly discovered piece of malware called ZionSiphon has raised serious concerns about the security of critical water infrastructure in Israel. The malware was built with a clear focus: to infiltrate and potentially sabotage Israeli water treatment and desalination systems, the very facilities responsible for providing…
-
Hackers Target Trucking and Freight Firms to Steal Real-World Cargo Shipments
A new wave of cyber attacks is hitting trucking carriers and freight brokers, and the goal is not just data theft. Criminals are breaking into logistics companies digitally to steal physical cargo shipments worth millions of dollars in the real world. Cargo theft is…
-
New Chrome Privacy Analysis Shows How Fingerprinting and Header Leaks Can Expose Users
Google Chrome is the most widely used browser in the world, yet a sweeping new analysis reveals it offers users almost no protection against fingerprinting and data leaks that quietly expose their identity to websites and trackers. Published April 14, 2026, the…
-
Splunk Enterprise and Cloud Platform Vulnerability Enables Remote Code Execution Attacks
A critical security vulnerability has been officially disclosed, affecting multiple versions of Enterprise and Cloud platforms. Tracked as CVE-2026-20204, this high-severity flaw carries a CVSS score of 7.1 and poses a significant threat to organizational networks. Discovered and reported by Splunk researcher Gabriel Nitu,…
-
Critical Chrome Vulnerabilities Let Attackers Execute Arbitrary Code – Update Now!
Google has rolled out a crucial security update for its Chrome browser, addressing 31 vulnerabilities that could leave systems exposed to severe cyber threats. Released on April 15, 2026, this Stable Channel update requires immediate attention from users worldwide, as the most severe flaws…
-
Fake Adobe Reader Download Delivers ScreenConnect Through Stealthy In-Memory Loader
A newly uncovered attack campaign is tricking users into installing remote access software on their systems by disguising malware as a legitimate Adobe Acrobat Reader download. The attack uses a sophisticated chain of techniques — including in-memory execution, process masquerading, and privilege escalation — to…
-
1,250+ C2 Servers Mapped Across Russian Hosting Across 165 Providers
Cybersecurity researchers have uncovered a large and organized network of malicious infrastructure quietly running inside Russia’s commercial hosting ecosystem. Over a three-month window from January 1 to April 1, 2026, more than 1,250 active command-and-control (C2) servers were detected across 165 Russian infrastructure providers, spanning…
-
FUNNULL-Linked Triad Nexus Resurfaces With 175+ Rotating CNAME Domains and Global Scam Portals
A cybercriminal group tied to the FUNNULL Content Delivery Network has made a calculated return with a far more sophisticated and evasive infrastructure. Known as Triad Nexus, the group has rebuilt its global fraud operation following U.S. Treasury sanctions, deploying over 175…
-
Windows BitLocker Vulnerability Allows Attacker to Bypass Security Feature
Microsoft officially released security updates to address a significant vulnerability in Windows BitLocker. Tracked as CVE-2026-27913, this security feature bypass vulnerability was discovered by security researcher Alon Leviev in collaboration with the Microsoft STORM team. The flaw poses a substantial risk to enterprise device security architectures.…
-
New JanaWare Ransomware Targets Turkish Users Through Customized Adwind RAT
A new ransomware family called JanaWare has begun targeting computer users in Turkey, relying on a customized version of the Adwind remote access trojan (RAT) to gain a foothold on victims’ systems. This campaign stands out because it combines a known cross‑platform RAT with fresh…
-
Microsoft Defender 0-Day Vulnerability Enables Privilege Escalation Attack
Microsoft has released Patch Tuesday security updates to address a newly discovered zero-day vulnerability in the Microsoft Defender Antimalware Platform. Disclosed on April 14, 2026, the flaw is tracked as CVE-2026-33825 and carries an “Important” severity rating. If successfully exploited, this elevation-of-privilege vulnerability allows an attacker…
-
25,000+ Endpoints Exposed by Dragon Boss Solutions Update Domain Supply Chain Attack
What started as a routine adware alert quickly turned into something far more serious. On the morning of March 22, 2026, security alerts began firing across multiple managed environments, all linked to software signed by a company called Dragon Boss Solutions LLC. The…
-
Hackers Use Fake Proxifier Installer on GitHub to Spread ClipBanker Crypto-Stealing Malware
A dangerous malware campaign has been silently targeting cryptocurrency users by hiding inside a fake version of Proxifier, a popular proxy software tool. Threat actors set up a GitHub repository designed to look like a legitimate Proxifier download, but the installer bundled inside…
-
Rockstar’s GTA Game Hacked – Attackers published 78.6 Million Records Online
Rockstar Games has confirmed a data breach after the notorious hacking group ShinyHunters exploited a third-party integration to access the company’s internal Snowflake data warehouse, ultimately leaking over 78.6 million records on April 14, 2026. The breach did not stem from a direct attack…
-
Hackers Abuse GitHub and Jira Notifications to Deliver Phishing Through Trusted SaaS Channels
Cybercriminals are now weaponizing the very tools that developers and IT teams trust the most. By abusing the automated notification features built into GitHub and Jira, threat actors are delivering convincing phishing emails that originate directly from those platforms’ own servers. What…
-
Mozilla Criticizes Microsoft for Installing Copilot on Windows Without User Consent
Mozilla has publicly criticized Microsoft for deploying its AI assistant, Copilot, onto Windows systems without user consent, a practice the Firefox maker describes as prioritizing corporate revenue over user rights. In a blog post titled “Old Habits Die Hard,” Mozilla accused Microsoft of using…
-
Microsoft Confirms Recent Windows 11 Updates Break Push Button Reset
Microsoft has officially acknowledged that recent security updates for Windows 11 are causing the “Reset this PC” (Push-button reset) recovery feature to fail. The issue was confirmed in the release notes for the March 2026 hotpatch updates, affecting systems running the latest operating system version.…
-
Critical WordPress Plugin Flaw Lets Attackers Bypass Authentication and Gain Admin Access
A critical security flaw found in a widely used WordPress plugin is putting thousands of websites at serious risk worldwide. Tracked as CVE-2026-1492, this vulnerability affects the User Registration & Membership plugin for WordPress and lets attackers completely bypass the login process to…
-
WhatsApp’s ‘End-to-End Encryption by Default’ Claim Called Major Consumer Fraud by Pavel Durov
Telegram founder Pavel Durov has accused WhatsApp of perpetrating what he calls “the biggest consumer fraud in history,” alleging that the platform’s widely marketed end-to-end encryption (E2EE) claims are fundamentally misleading, leaving the private messages of billions of users exposed on unencrypted…
-
OpenAI Warns macOS Users to Update ChatGPT and Codex Immediately
OpenAI has disclosed a security incident tied to the compromise of Axios, a widely used third-party JavaScript developer library, as part of a broader software supply chain attack detected on March 31, 2026. While the company confirmed no user data, API keys, or systems were…
-
Google Launches Gmail End-to-End Encryption for Android and iOS
Google has officially rolled out End-to-End Encryption (E2EE) for the Gmail application on Android and iOS devices. This major update targets users utilizing Gmail client-side encryption. It allows organisations to handle sensitive data confidentially directly from their smartphones or tablets. The feature ensures compliance with strict…
-
Google Unveils Device-Bound Chrome Sessions in Anti-Cookie-Theft Move
Google officially announced the public rollout of Device Bound Session Credentials (DBSC) for Windows users on Chrome 146. According to the Google Account Security and Chrome teams, this major security update aims to eliminate session hijacking, a primary method for attackers to compromise user accounts. The feature…
-
Ransomware Gangs Expand Use of EDR Killers Beyond Vulnerable Drivers, ESET Warns
In recent years, Endpoint Detection and Response (EDR) killers have become a standard, highly effective weapon in modern ransomware intrusions. Before launching their file-encrypting malware, cybercriminals routinely deploy specialized tools to bypass security software. According to a comprehensive new report by ESET Research,…
-
Hacker Uses Claude and ChatGPT to Breach Multiple Government Agencies
A single threat actor compromised nine Mexican government agencies and stole hundreds of millions of citizen records in a highly sophisticated cyberattack. The campaign, which ran from late December 2025 through mid-February 2026, highlights a dangerous shift in the modern threat landscape. Researchers at Gambit…
-
Anthropic Launches Claude Beta for Word, Bringing AI-Powered Editing to Microsoft Docs
Anthropic has officially launched Claude for Word in public beta, bringing its AI assistant directly into Microsoft Word as a native sidebar add-in for Team and Enterprise users on both Mac and Windows platforms. The integration marks a significant step in Anthropic’s push…
-
CPUID Website Compromised to Deliver Weaponized HWMonitor and CPU-Z Tools
The cpuid-dot-com website, home to widely used system utilities CPU-Z and HWMonitor, is at the center of an active supply chain security incident. Users downloading HWMonitor 1.63 or CPU-Z ZIPs since early April have reportedly received trojanized installers capable of dropping malicious DLLs, evading antivirus…
-
Trojanized OpenVSX Extension Spreads GlassWorm Across VS Code, Cursor, and Windsurf
A fake developer extension published on the OpenVSX marketplace is silently spreading a known malware strain called GlassWorm to every code editor installed on a developer’s machine. The malicious package disguises itself as a legitimate productivity tool and uses a compiled native binary to…
-
Juniper Networks Default Password Vulnerability Let Attacker Take Full Control of the Device
A critical security alert warns of a severe default password vulnerability affecting Support Insights Virtual Lightweight Collector (vLWC) appliances. This flaw enables unauthenticated network-based attackers to gain full administrative control of exposed network devices easily. Formally tracked as CVE-2026-33784, this vulnerability has…
-
DesckVB RAT Uses Obfuscated JavaScript and Fileless .NET Loader to Evade Detection
A new Remote Access Trojan known as DesckVB has been targeting systems in 2026, using obfuscated JavaScript and a fileless .NET loader to stay hidden from traditional security tools. The malware gives attackers full remote control over a victim’s machine, making it a…
-
Hackers Claim to Have Stolen 10 Petabytes of Data from China’s Tianjin Supercomputer Center
Hackers are claiming that one of China’s most strategically important computing facilities suffered a massive cyber intrusion, with more than 10 petabytes of sensitive information allegedly taken from a state-run supercomputing environment that experts suspect is the National Supercomputing Center in…
-
Microsoft Suspends Developer Accounts of High-Profile Open-Source Projects
Microsoft has suspended the Windows Hardware Program developer accounts of two critical open-source security projects, VeraCrypt and WireGuard, blocking their ability to sign drivers and push updates to millions of Windows users, with no prior warning or explanation provided to the developers. Mounir Idrassi, the lead developer…
-
New RoningLoader Campaign Uses DLL Side-Loading and Code Injection to Evade Detection
A threat actor known as DragonBreath has launched a stealthy campaign using a multi-stage malware loader called RoningLoader. The malware targets Chinese-speaking users by disguising itself as trusted software such as Google Chrome and Microsoft Teams. Its core strength lies in a layered…
-
Critical Chrome Vulnerabilities Let Attackers to Execute Arbitrary Code
Google has released Chrome 147 to the stable channel for Windows, Mac, and Linux, patching a sweeping set of security vulnerabilities — including two critical-severity flaws that could allow remote attackers to execute arbitrary code on targeted systems. The most severe vulnerabilities in this release are…
-
New Silver Fox Campaign Hides ValleyRAT Inside Fake Telegram Chinese Language Pack Installer
A new malware campaign linked to the Silver Fox APT group has been discovered, using a fake Telegram Chinese language pack installer to secretly deliver ValleyRAT — a powerful remote access trojan — onto targeted machines. The malicious file, disguised as a…
-
Indian Bank Warns Users of Fake LPG Payment and KYC Update Scams to Steal Banking Info
Indian Bank has issued an urgent cybersecurity advisory warning its customers about a rapidly spreading wave of fraudulent LPG payment and KYC update messages that are being used to steal banking credentials and drain accounts. Cybercriminals are exploiting growing…
-
Multiple OpenSSL Vulnerabilities Exposes Sensitive Data in RSA KEM Handling
OpenSSL has released a broad April 2026 security update that fixes seven vulnerabilities across supported branches, led by CVE-2026-31790, a moderate-severity flaw in RSA KEM RSASVE encapsulation that can expose uninitialized memory to a malicious peer. The advisory directs users of vulnerable 3.x releases to…
-
FBI Disrupts Russian Router Hijacking Operation Compromised Thousands of Users
The U.S. Justice Department and the FBI have successfully dismantled a massive cyberespionage network in a court-authorized takedown dubbed “Operation Masquerade.” Announced on April 7, 2026, the technical operation neutralized thousands of compromised small office/home office (SOHO) routers that were hijacked by Russian military intelligence…
-
Claude Finds 13-Year-Old 0-Day RCE Vulnerability in Apache ActiveMQ in 10 Minutes
A critical remote code execution (RCE) vulnerability has been disclosed in Apache ActiveMQ Classic, a flaw that sat undetected for over a decade and was ultimately discovered not by a human researcher manually combing through code, but by Anthropic’s Claude AI model in…
-
CUPS Vulnerability Chain Enables Remote Attacker to Execute Malicious Code as Root User
A critical vulnerability chain in the Common Unix Printing System (CUPS) allows unauthenticated remote attackers to execute arbitrary malicious code with root system privileges. Security researcher Asim Viladi Oglu Manizada and his team discovered two zero-day flaws, officially tracked as CVE-2026-34980…
-
Microsoft Releases New Defender Update for Windows 11, 10, and Server Installation Images
Microsoft has officially rolled out its latest security intelligence update for Microsoft Defender Antivirus, delivering crucial protections for Windows 11, Windows 10, and Windows Server installation images. This vital release ensures that Microsoft’s built-in antimalware solutions are fully equipped to identify and neutralize…
-
Microsoft Warns Storm-1175 Exploits Web-Facing Assets 0-Day Flaws in Medusa Ransomware Attacks
A new ransomware campaign is putting organizations on high alert. A financially motivated threat group known as Storm-1175 has been running fast-paced attacks targeting vulnerable, internet-facing systems — and deploying the Medusa ransomware as the final blow. What makes this group especially dangerous…
-
50,000 WordPress Sites Exposed to Critical Ninja Forms File Upload RCE Vulnerability
A critical security flaw in the popular WordPress plugin “Ninja Forms – File Upload” has left approximately 50,000 websites vulnerable to complete takeover. Tracked as CVE-2026-0740, this flaw boasts a maximum CVSS severity score of 9.8, making it a severe threat that requires…
-
OpenAI Codex Vulnerability Allows Attackers to Steal GitHub Access Tokens
The integration of AI coding agents has introduced new, high-impact attack surfaces for development teams. Phantom Labs at BeyondTrust recently discovered a critical command-injection vulnerability in OpenAI Codex. This flaw allowed attackers to steal sensitive GitHub User Access Tokens. By exploiting how Codex handles task…
-
Hackers Use Fake TradingView Premium Posts on Reddit to Deliver Vidar and AMOS Stealers
A threat actor has been running an active campaign on Reddit, using fake posts that promise free TradingView Premium access to deliver two malware families — Vidar on Windows and AMOS on macOS. The operation is still live, with new posts…
-
Critical Claude Code Flaw Silently Bypasses Developer-Configured Security Rules
A high-severity security bypass vulnerability in Anthropic’s Claude Code AI coding agent allows malicious actors to silently evade user-configured deny rules through a simple command-padding technique, exposing hundreds of thousands of developers to credential theft and supply chain compromise. According to Adversa, the flaw was traced…
-
Hackers Using Fake “Microsoft Teams” Domains to Attack Users Via Malicious Payload
Cybercriminals are launching a sophisticated new wave of attacks using fake Microsoft Teams domains. According to recent threat intelligence shared by SEAL Org, hackers are actively tricking corporate users into downloading malicious payloads by mimicking the widely used communication platform. As Microsoft Teams remains…
-
New ResokerRAT Uses Telegram Bot API to Control Infected Windows Systems
A new Remote Access Trojan (RAT) called ResokerRAT has been found targeting Windows systems by abusing Telegram’s widely used Bot API to receive commands and send stolen data back to attackers. Unlike traditional malware that relies on custom command-and-control servers, this threat routes all…
-
METATRON – Open-Source AI Penetration Testing Assistant Brings Local LLM Analysis to Linux
A new open-source penetration testing framework called METATRON is gaining attention in the security research community for its fully offline, AI-driven approach to vulnerability assessment. Built for Parrot OS and other Debian-based Linux distributions, METATRON combines automated reconnaissance tooling with a locally…
-
36 Malicious npm Strapi Packages Used to Deploy Redis RCE and Persistent C2 Malware
A coordinated supply chain attack has been uncovered targeting developers who build applications on Strapi, a widely used open-source content management system. Thirty-six malicious npm packages disguised as legitimate Strapi plugins were published to the npm registry, carrying payloads designed to…
-
New Progress ShareFile Bugs Let Attackers Take Over Servers Without Logging In
A dangerous attack chain in Progress ShareFile can allow attackers to take over exposed on-premises servers without first logging in. The issues affect customer-managed ShareFile Storage Zones Controller 5.x deployments, and Progress says customers should upgrade to version 5.12.4 or move to…
-
Hackers Weaponize Claude Code Leak to Spread Vidar and GhostSocks Malware
The cybersecurity community is on high alert following a massive source code leak from Anthropic. On March 31, 2026, the company accidentally exposed the complete source code for Claude Code, its flagship terminal-based coding assistant. The leak occurred due to a packaging error in…
-
Top Node.js Maintainers Targeted in Sophisticated Social Engineering Scheme
A highly coordinated social engineering campaign is actively targeting top open-source developers in the Node.js and npm ecosystem. Following the recent compromise of the popular package Axios, which sees over 100 million weekly downloads, several high-impact software maintainers have reported similar attacks. Security researchers believe this…
-
Top 10 Best User Access Management Tools in 2026
User Access Management tools centralize control over user permissions and access, providing a unified platform to enforce consistent security policies across diverse systems and applications. They enhance security by implementing role-based access controls, monitoring user activity, preventing unauthorized access, mitigating potential risks, and safeguarding sensitive information.…
-
Top 10 Best VPN For Chrome in 2026
In ever-changing technology and networks, privacy is becoming increasingly difficult to achieve. People are so used to using the Internet and IoT devices that the sensitive data they share on the web has become a prime target for hackers or malicious actors. As we all know, data…
-
LinkedIn Hidden Code Secretly Searches Your Browser for Installed Extensions
Every time you open LinkedIn in a Chrome-based browser, hidden JavaScript silently scans your computer for installed software without your knowledge, without your consent, and without a single word in LinkedIn’s privacy policy. A revealing investigation conducted by the European advocacy group Fairlinked e.V., under…
-
14,000+ F5 BIG-IP APM Devices Exposed Online Amid Active RCE Vulnerability Exploits
A critical security flaw in F5’s BIG-IP Access Policy Manager (APM) is currently under active exploitation, leaving thousands of enterprise networks at risk. The vulnerability, officially tracked as CVE-2025-53521, has sparked urgent warnings across the cybersecurity community after its impact was upgraded from…
-
Microsoft Forcing Upgrades to Unmanaged Windows 11, Version 24H2
Microsoft has officially begun force-upgrading unmanaged Windows 11 version 24H2 devices to version 25H2, marking the final phase of a staged rollout that relies on machine learning to determine device readiness. The move, confirmed in an updated Windows Release Health Dashboard entry, affects all Home and…
-
Multiple TP-Link Vulnerabilities Let Attackers Trigger DoS and Crash Routers
Multiple high-severity vulnerabilities exist in TP-Link’s Tapo C520WS smart security cameras. If exploited, these vulnerabilities may allow adjacent attackers to trigger Denial-of-Service (DoS) conditions, crash the device, or completely bypass authentication. TP-Link has released urgent firmware updates to address these critical security gaps. When a…
-
Hackers Compromised 700+ Next.js Hosts by Exploiting React2Shell Vulnerability
A massive automated credential theft campaign is actively targeting web applications worldwide. Cybersecurity researchers at Cisco Talos have uncovered an operation by a hacker group tracked as UAT-10608, which has already compromised over 700 servers. The attackers are exploiting a critical security flaw known as React2Shell…
-
CERT-EU Confirms Trivy Supply Chain Attack Led to European Commission AWS Breach
The European Commission’s primary web platform, “europa.eu,” recently suffered a severe data breach stemming from a supply-chain compromise involving the popular open-source vulnerability scanner, Trivy. On April 3, 2026, CERT-EU published an official advisory detailing how a threat actor known as TeamPCP exploited…
-
North Korea-Linked Hackers Compromise Axios npm Package in Major Supply Chain Attack
A North Korea-linked threat group has successfully hijacked one of the most widely used JavaScript libraries on the internet, injecting malware into millions of potential development environments. On March 31, 2026, attackers gained access to the Axios Node Package Manager (npm) package using…
-
New WhatsApp Attack Chain Uses VBS Scripts, Cloud Downloads, and MSI Backdoors
A new malware campaign is actively using WhatsApp to deliver harmful files directly to Windows users, exploiting the widespread trust placed in everyday messaging apps. The threat actors send malicious Visual Basic Script (VBS) files through WhatsApp messages, knowing that users rarely question…
-
Critical Cisco IMC Vulnerability Let Attackers Bypass Authentication
Cisco has recently disclosed a critical security flaw affecting its Integrated Management Controller (IMC), prompting the release of urgent software updates. The vulnerability, officially tracked as CVE-2026-20093, has been assigned a critical Base CVSS score of 9.8, indicating the highest level of severity. This security weakness is…
-
Remcos RAT Infection Chain Hides Behind Obfuscated Scripts and Trusted Windows Binaries
Cybercriminals are getting better at hiding their tracks, and a recently uncovered Remcos RAT campaign is proof of that. This attack does not rely on a single malicious file dropped onto a system. Instead, it uses a carefully built, multi-stage chain that starts…
-
Symantec DLP Agent Vulnerability Let Attackers Escalate Privileges
A high-severity security flaw has been identified in the Symantec Data Loss Prevention (DLP) Agent for Windows. Tracked as CVE-2026-3991, this vulnerability allows a low-privileged local attacker to escalate their system privileges to the highest level. Security researcher Manuel Feifel discovered the flaw, and Broadcom has recently…
-
Hackers Backdoor Telnyx Python SDK on PyPI to Steal Credentials Across Windows, macOS, and Linux
A threat actor group known as TeamPCP has been caught backdooring the Telnyx Python SDK on PyPI — a popular cloud communications library with over 700,000 downloads in February alone. On March 27, 2026, two malicious versions of the package,…
-
New npm Supply Chain Attack Uses undicy-http to Deploy Screen-Streaming RAT and Browser Injector
A malicious npm package named undicy-http has surfaced inside the Node.js developer ecosystem, quietly compromising machines of developers who mistakenly install it. The package impersonates undici, the official HTTP client library bundled with Node.js that handles millions of weekly downloads. Despite sharing a near-identical…
-
PNG Vulnerabilities Allow Attackers to Trigger Process Crashes, Leak Sensitive Information
Two high-severity vulnerabilities have been discovered in libpng, the widely used reference library for reading and writing PNG images. These flaws allow attackers to trigger process crashes, leak sensitive information, and potentially execute arbitrary code by convincing a system to process a crafted PNG…
-
XLoader Malware Upgrades Obfuscation Tactics and Hides C2 Traffic Behind Decoy Servers
A well-known information-stealing malware called XLoader has received significant upgrades in its latest versions, making it considerably harder to detect and analyze than before. Originally derived from a malware family known as FormBook, which first surfaced in 2016, XLoader was rebranded and relaunched…
-
Mercor AI Confirms Data Breach Following Lapsus$ Claims of 4TB Data Theft
Mercor AI has officially confirmed a severe data breach following claims by the notorious Lapsus$ hacking group that they stole 4 terabytes of sensitive company data. The incident, stemming from a recent supply chain attack on the open-source LiteLLM project, has exposed proprietary…
-
New DeepLoad Malware Uses ClickFix and AI-Generated Evasion to Breach Enterprise Networks
A newly discovered malware named DeepLoad is targeting enterprise environments, turning a single user action into persistent, credential-stealing access that survives reboots and outlasts standard cleanup efforts. What sets this campaign apart is how every stage of the attack was deliberately built to…
-
Hackers Deploy RoadK1ll Pivoting Malware to Turn Compromised Hosts Into Network Relays
A new piece of malware called RoadK1ll has been found silently converting compromised machines into controllable network relay points. Unlike most malware that arrives loaded with commands and attack tools, RoadK1ll is deliberately lean, built around one goal: giving attackers a reliable and…
-
Notepad++ v8.9.3 Released Addressing cURL Security Vulnerability and Crash Issues
Notepad++ has officially released version 8.9.3, delivering critical security patches, structural performance enhancements, and resolutions for persistent crash issues. This update finalizes the text editor’s transition to a highly optimized XML parser, addressing multiple recent regressions while fortifying the application’s auto-update mechanism against documented vulnerabilities.…
-
Axios NPM Packages Compromised to Inject Malicious Codes in an Active Supply Chain Attack
A sophisticated supply chain attack has targeted Axios, one of the most heavily adopted HTTP clients within the JavaScript ecosystem, by introducing a malicious transitive dependency into the official npm registry. Serving as a critical component across frontend frameworks, backend microservices,…
-
India Set to Ban Sale of Hikvision, TP-Link, CCTV Products From April
Starting April 1, 2026, the Indian government will effectively ban Chinese video surveillance giants, including Hikvision, Dahua, and TP-Link, from selling internet-connected CCTV cameras in the country. This decisive market restriction stems from new mandatory certification rules driven by national security concerns regarding…
-
New “Prompt Poaching” Attack Steals Users’ AI Conversations via Malicious Browser Extensions
For many users, engaging with an AI assistant requires opening a dedicated browser tab, which inherently isolates the AI from other browsing activities. While this separation improves privacy, it reduces usefulness and context. To bridge this gap, AI-powered browser extensions have surged in…
-
VoidLink Malware Framework Shows that AI-assisted Malware is Not Experimental Anymore
For years, cybersecurity professionals debated whether AI could truly be weaponized to build dangerous malware at scale. That debate is now settled. VoidLink, a Linux-based malware framework discovered in early 2026, has crossed a threshold the security community long feared — AI-assisted malware has…